Experts: Symantec Security Flaw Is 'as Bad as it Gets'

Member

"Newly discovered vulnerabilities in Symantec's antivirus software include a flaw that could allow an attacker to remotely corrupt a computer's memory, security researchers announced this week.

The vulnerabilities affect several Symantec products, including Norton antivirus software for consumers as well as enterprise solutions like Endpoint Protection and Mail Security for Microsoft Exchange. Symantec said it was not aware of the vulnerabilities being exploited, and has issued software updates that correct the flaws.

Google's Project Zero security team published an analysis of the flaws on its blog, explaining that they are particularly serious in part because they affect the entire Symantec product line.

"These vulnerabilities are as bad as it gets," they wrote. "They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.""